More and more communications are currently effected through the Internet. Today, for most people, it is a trivial matter to send or receive an email, make a purchase in an online store, discuss upcoming or past events on social networks, or chat with friends who are thousands of miles away using Internet telephone means. Since the Internet contains a large amount of confidential data, the issue of authentication of the parties during Internet communication is becoming more and more important.
To solve such issues, as early as over twenty years ago, a concept was developed for authentication of the communicating parties and transfer of encoded data through a public communication channel using asymmetrical code systems. Authentication refers to the process of checking whether the party with which communication is being effected is the one it is purporting to be. This approach is still quite popular. One of the main elements of this approach is the use of a public key infrastructure with certification centers and public key certificates (for brevity, the term certificate is used). In general, a certification center, or certificate authority, issues a public key certificate to an interested party, to be used for further authentication of this interested party. In this case, for correct operation of the whole system, the certification center issuing the certificate must be trusted and practically impossible to compromise. In most cases, the level of trust is determined using known information on the subject, such as his reputation. Indeed, until recently, events related to compromising a large certification center with good reputation did not amount to a serious scale. However, since today's offenders work in organized groups to take unlawful actions on the Internet and have sufficient financial and technical resources, such incidents are happening more and more often. The compromised certification centers Comodo and DigiNotar can be cited as examples. This increased attention of offenders to the operation of certification centers is explained first by the fact that it can be viewed as a single point of failure, which, once hacked, can give unlimited access to its resources, allowing to issue new fake certificates signed by a trusted party. Second, detection of a compromised certification center using existing tools can take from a few days to several months, which is quite sufficient for the offenders. Third, after a successful attack, the capabilities of a hacked certification center can be used for subsequent “man-in-the-middle”-type attacks, intended to gain access to confidential end user data. Hacking, in particular, means using vulnerabilities in architecture, communication protocols and software with the purpose to gain unauthorized access.
As there are reasons to expect similar attacks in the future as well, companies working in the area of Internet communication security are trying to suggest methods preventing the use of certificates fraudulently obtained by “man-in-the-middle”-type attacks. In particular, Google Inc. proposes to gather statistics on certificates using software which would check all Internet sites automatically and/or using a preset schedule. Subsequently, the gathered statistics can be used to build reputation for the certificates of a given website.
U.S. Pat. No. 7,739,494 discusses the calculation of a trust index for a given certificate, taking into account the information on the certification center issuing the certificate, the geographical location of the certificate holder, the type of the network connection being used, etc. The obtained index determines the level of trust for the certificate in question. The patent also notes that it is possible to analyze the statistics of user requests and replies for the website in question—for example, the number of requests sent to the site, information on the certificates obtained from the site, etc. It should be also noted that the use of the above described technologies makes it practically impossible to accurately distinguish a certificate issued to the actual site owner from a certificate obtained by offenders through compromising a certification center.
Therefore, a system is needed which would guarantee correct authentication of the communicating parties using a public key certificate even in case of obstacles created by offenders. Obstacles in this context means pre-planned actions intended to cause an authentication error, such as: compromising a certification center, providing false statistical data, as well as various types of “man-in-the-middle” attacks. A “man-in-the-middle”-type attack, for the purposes of this description, means, in particular, infiltration of an offender in a communication channel in order to gain access to confidential data of a party and/or unauthorized modification of incoming or outgoing messages, as well as modification of the operation logic of at least one device required for bilateral communication.